Description:
Jim Butterworth gives an overview of large-scale intrusion investigations at DoD Cyber Crime 2008.
Topics include:
* Team assembly
* Phased approach to investigations
* Identification and containment
* Malware analysis
* Why memory is important in IR
* Dealing with log files
* When to image and when to flatten
* When to pull the plug
* How to recognize when enough is enough
* Reporting and legal considerations